Identifying traffic logged by ipfw
Ben Beuchler
insyte at emt-p.org
Fri Apr 16 10:51:33 PDT 2004
I'm working on a new bridging firewall using ipfw on FBSD 5.1. The goal
is to default to closed with a few exceptions. To test my ruleset, I end
with this rule:

    add 420 allow log ip from any to any

The idea is that by watching the logs I could see what protocols I forgot
to create rules for. This is what I'm getting in the logs:

    Apr 16 16:43:40 bfw kernel: ipfw: 420 Accept MAC in via em2

I'm guessing this means it's matching non-ip traffic, but I couldn't find
any info to confirm this. Is there any sort of trick I could use to log
the entire packet? Since nothing about the source or destination was
logged, I don't have enough info to create a tcpdump filter. Perhaps some
sort of divert rule?

Thanks!

-Ben
--
Ben Beuchler There is no spoon.
insyte at emt-p.org -- The Matrix
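
Added example, not part of the original post: a small log summarizer for the workflow described above, which tallies what a catch-all `log` rule matched so that uncovered protocols and address-less entries stand out per interface. The function name, the regular expression and every sample line are constructed here; only the `MAC` line format comes from the post, and the IP line layout is an assumption about ipfw's usual output.

```python
import re
from collections import Counter

# Constructed sample log. The "MAC" lines copy the format quoted in the post;
# the IP lines assume ipfw's usual "PROTO src dst" layout.
SAMPLE_LOG = """\
Apr 16 16:43:40 bfw kernel: ipfw: 420 Accept MAC in via em2
Apr 16 16:43:41 bfw kernel: ipfw: 420 Accept UDP 192.0.2.10:123 192.0.2.20:123 in via em1
Apr 16 16:43:42 bfw kernel: ipfw: 420 Accept MAC in via em2
Apr 16 16:43:43 bfw kernel: ipfw: 100 Accept TCP 192.0.2.10:40000 192.0.2.20:22 in via em1
Apr 16 16:43:44 bfw kernel: ipfw: 420 Accept TCP 192.0.2.30:40001 192.0.2.20:25 out via em2
Apr 16 16:43:45 bfw kernel: ipfw: 420 Accept ICMP:8.0 192.0.2.30 192.0.2.20 in via em1
"""

# rule number, action, protocol, optional src/dst pair, direction, interface
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\S+) (?P<proto>\S+)"
    r"(?: (?P<src>\S+) (?P<dst>\S+))? (?P<dir>in|out) via (?P<iface>\S+)"
)


def summarize_catch_all(log_text, rule=420):
    """Count what the catch-all rule logged, keyed by (proto, detail, iface)."""
    seen = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["rule"]) != rule:
            continue  # not an ipfw entry, or logged by a different rule
        proto, dst = m["proto"], m["dst"]
        if dst is None:
            detail = "no addresses logged"  # e.g. the MAC entry in the post
        elif proto.startswith("ICMP"):
            proto, _, type_code = proto.partition(":")
            detail = "type.code " + type_code
        elif ":" in dst:
            detail = "dst port " + dst.rpartition(":")[2]
        else:
            detail = "dst " + dst  # IP protocol without ports
        seen[(proto, detail, m["iface"])] += 1
    return seen


if __name__ == "__main__":
    for (proto, detail, iface), n in summarize_catch_all(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {proto:5s} {detail:22s} via {iface}")
```

Entries reported as "no addresses logged" name the interface to capture on; entries with a destination port are candidates for explicit allow or deny rules ahead of rule 420.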